WordPress Vulnerability

January 2, 2007

I was reading Reaper-X’s blog yesterday when I came across the post about the latest WordPress vulnerability. Naturally, since we use WordPress, my ears perked up.

As it stands, here is a description of the problem from the SecurityFocus web site:

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Shout out to Reaper-X for bringing this to our attention. We fixed our blog code last night after reading the post :). Today, I noticed that Secunia has also posted on it.

If you use WordPress, here is a link to the official fix that will show you what to change in the code of your templates.php file.

    EDIT: Madhur pointed out that WordPress has not verified this vulnerability. So, keep that in mind when considering the fix (Thanks, Madhur ;)).
